diff --git a/blog/systemd_insecurity.html b/blog/systemd_insecurity.html index c7cc2d0..2717d8d 100644 --- a/blog/systemd_insecurity.html +++ b/blog/systemd_insecurity.html @@ -5,7 +5,7 @@ - + @@ -48,7 +48,7 @@
"You don't assign CVEs to every single random bugfix we do, do you?"

- Lennart Poettering, systemd lead developer

-

My thoughts: Yes, if they're security-related.

+

My thoughts: Yes, if they're security-related.

Source: systemd GitHub Issue 5998

@@ -60,7 +60,7 @@ blesses the nonsensical part of the CVE circus which we really shouldn't bless..."

- Lennart Poettering, systemd lead developer

-

My thoughts: CVEs are supposed to be for security, and a log of when they +

My thoughts: CVEs are supposed to be for security, and a log of when they were found and their severity, so yes, it is the correct way to announce it. It seems as if over 95 security-concious people think the same.

Source: @@ -89,7 +89,7 @@ So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but still: the username is clearly not valid."

- Lennart Poettering, systemd lead developer

-

My thoughts: systemd was the thing that allowed root access just because a +

My thoughts: systemd was the thing that allowed root access just because a username started with a number, then Poettering blamed the user.

Source: systemd GitHub Issue 6237